|
| 1 | +.. _about-codeql-workspaces: |
| 2 | + |
| 3 | +About CodeQL Workspaces |
| 4 | +======================= |
| 5 | + |
| 6 | +.. include:: ../reusables/beta-note-package-management.rst |
| 7 | + |
| 8 | +CodeQL workspaces are used to group multiple CodeQL packs together. CodeQL packs in the same workspace are automatically available as source dependencies for each other when running any CodeQL command that resolves queries. This makes it easier to develope and maintain multiple, related CodeQL packs. A typical use case for a CodeQL workspace is for developing one or more CodeQL library packs and one or more query packs that depends on it in them in the same location. |
| 9 | + |
| 10 | +The main benefit of a CodeQl workspace is that it is easier to develop and maintain multiple CodeQL packs. When a CodeQL workspace is used, all CodeQL packs in the workspace are available as source dependencies for each other when running any CodeQL command that resolves queries. This makes it easier to develope and maintain multiple, related CodeQL packs. |
| 11 | + |
| 12 | +In most cases, the CodeQL workspace and all CodeQL packs contained in it should be stored in the same git repository so the development environment is more easily sharable. |
| 13 | + |
| 14 | +The ``codeql-workspae.yml`` file |
| 15 | +-------------------------------- |
| 16 | + |
| 17 | +A CodeQL workspace is defined by a ``codeql-workspace.yml`` yaml file. This file contains a ``provide`` block, and optionally an ``ignore`` block. The ``provide`` block contains a list of glob patterns that define the CodeQL packs that are available in the workspace. The ``ignore`` block contains a list of glob patterns that define CodeQL packs that are not available in the workspace. Each entry in the ``provide`` or ``ignore`` section must map to a path to a ``qlpack.yml`` file. All glob patterns are relative to the directory containing the workspace file. See `@actions/glob <https://github.com/actions/toolkit/tree/main/packages/glob#patterns>` for a list of patterns accepted in this file. |
| 18 | + |
| 19 | +For example, the following ``codeql-workspace.yml`` file defines a workspace that contains all CodeQl packs recursively found in the ``codeql-packs`` directory, except for the packs in the ``experimental`` directory: |
| 20 | + |
| 21 | +.. code-block:: yaml |
| 22 | +
|
| 23 | + provide: |
| 24 | + - "*/codeql-packs/**/qlpack.yml" |
| 25 | + ignore: |
| 26 | + - "*/codeql-packs/**/experimental/**/qlpack.yml" |
| 27 | +
|
| 28 | +To verify that you have the correct ``codeql-workspace.yml`` file, run ``codeql pack ls`` command in the same directory as your workspace. The result of the command is a list of all CodeQL packs in the workspace. |
| 29 | + |
| 30 | +CodeQL workspaces and query resolution |
| 31 | +-------------------------------------- |
| 32 | + |
| 33 | +All CodeQL packs in a workspace are available as source dependencies for each other when running any CodeQL command that resolves queries or packs. For example, when ``codeql pack install`` is run in a pack directory in a workspace, any dependency found in the workspace will not be downloaded to the package cache, nor will it be added to the resulting ``codeql-pack.lock.yml`` file. See `:ref:Adding and Installing Dependencies <adding-and-installing-dependencies>` for more information. |
| 34 | + |
| 35 | +Similarly, publishing a CodeQL query pack to the GitHub container registry using ``codeql pack publish`` will always use dependencies found in the workspace instead of using dependencies found in the local package cache. |
| 36 | + |
| 37 | +This ensures that any local change to a query library in a dependency in the same workspace will be automatically reflected in the published query pack. |
| 38 | + |
| 39 | +Example |
| 40 | +~~~~~~~ |
| 41 | + |
| 42 | +Consider the following ``codeql-workspace.yml`` file: |
| 43 | + |
| 44 | +.. code-block:: yaml |
| 45 | +
|
| 46 | + provide: |
| 47 | + - "**/qlpack.yml" |
| 48 | +
|
| 49 | +And the following CodeQL library pack ``qlpack.yml`` file in the workspace: |
| 50 | + |
| 51 | +.. code-block:: yaml |
| 52 | +
|
| 53 | + name: my-company/my-library |
| 54 | + library: true |
| 55 | + version: 1.0.0 |
| 56 | +
|
| 57 | +And the following CodeQL query pack ``qlpack.yml`` file in the workspace: |
| 58 | + |
| 59 | +.. code-block:: yaml |
| 60 | +
|
| 61 | + name: my-company/my-queries |
| 62 | + version: 1.0.0 |
| 63 | + dependencies: |
| 64 | + my-company/my-library: "*" |
| 65 | + codeql/cpp-all: ~0.2.0 |
| 66 | +
|
| 67 | +Notice that ``"*"`` is specified as the version constraint for the library pack. Because the library pack is a source dependency, the version constraint is not needed since the library pack's content is always resolved from inside of the workspace. Any version constraint will be ignored in this case, but it is recommended to use ``"*"`` for source dependencies to avoid confusion. |
| 68 | + |
| 69 | +When ``codeql pack install`` is executed from the query pack directory, an appropriate version of ``codeql/cpp-all`` will be downloaded to the local package cache. Also, a ``codeql-pack.lock.yml`` file will be created that contains the resolved version of ``codeql/cpp-all``, but no entry for ``my-company/my-library`` since it is resolved from source. The ``codeql-pack.lock.yml`` file will look something like this: |
| 70 | + |
| 71 | +.. code-block:: yaml |
| 72 | +
|
| 73 | + dependencies: |
| 74 | + codeql/cpp-all: |
| 75 | + version: 0.2.2 |
| 76 | +
|
| 77 | +When ``codeql pack publish`` is executed from the query pack directory, the ``codeql/cpp-all`` dependency from the package cache and the ``my-company/my-library`` from the workspace will be bundled with ``my-company/my-queries`` and published to the GitHub container registry. |
0 commit comments